We have replaced Azure as an IdP with some other provider by just performing domain federation, so all the O365 thick or thin clients trigger our IdP for authentication. It was working fine. Recently we have observed that the thick clients, especially on mobile devices, are not forcing the user to re-authenticate once the user changes their password. This is working fine for desktop users. So:
Do we have any article stating how and who manages the session for thick clients on desktop and laptop? Is it ForgeRock or Azure?
What is the expected behavior after a password reset by the user (whether Intune on Android and iOS should force the user to re-authenticate or not)? Should the user be challenged immediately?
What should be the behavior of desktop thick clients, e.g. Outlook and Teams?
How can we force re-authentication on a user password change?
Note: On a password change by the user, it goes to AD first and then to Azure on synchronization. We see the synchronization is happening fine.